Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes "Apple has never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers," the company said Sunday in a bilingual statement on its China website. Users have to make the choice to enable the iPhones to calculate their locations, while "Apple does not track users' locations — Apple has never done so and has no plans to ever do so," the company said. The statement was in response to allegations by China's top state broadcaster that iOS7 software and its "Frequent Location" service posed a security risk. The data can be accessed easily, although labelled as "encrypted," and may lead to the disclosure of "state secrets," CCTV said.

The Chinese security services are not as bad as the NSA. They freely admit that they monitor everything happening on their networks as they have no reason to hide it. In fact they are proud as it shows they are protecting their people.

There is a genuine security concern with any American products now, thanks to the NSA. Don't try to divert people by saying everyone else is as bad or making excuses. The NSA is harming US companies and US citizens through its actions, and other countries are right to treat it as a major security threat.

how is that "not as bad"? it's just differently bad. they want to intimidate (though not quite as overtly as the USSR did), while the US wants to secretly disappear people. it's not a diversion. it's reality, and neither 'side' is that great, even though i'd much, much rather be in the US.

anyway, China has always clamped down on unlicensed cartography, and it is theoretically possible to use data mining to squeeze some location information out of the iPhone data. this really seems like a non-story to me, or

Here in the US, my wife gave up on using Skype because the quality was extremely unreliable. At one point, the call kept getting dropped every 5 second. She would try again, and like clockwork, get dropped again. So she had her parents use FaceTime on the iPad. Flawless connectivity with relative low latency (going over fiber in the Pacific no doubt) when communicating to Shanghai. If I had to guess, blocking FaceTime would also be blocking other Apple services for iOS devices. Secondly, Skype packets were

Protectionism isn't something the G8 generally likes and has come under fire lately. Based on some things i've seen lately, I believe China (and perhaps india) have been spanked for their usual nonsense.

So maybe those people are now trying a different approach, rather than the normal protectionism that chinese companies engage in (using only their own suppliers, designing out foreign chips, bringing all mfg and design work to them so that they can control the supply chain), they're trying to hide behind FUD.

The Department of Transportation is committed to maximizing the economic benefits of the Obama Administration’s historic infrastructure investments through Buy America provisions that keep American companies healthy and families working.

The NSA's actions will be regarded as the modern Smoot-Hawley which set forth the collapse in sales in one of America's last major export industries that set it into motion.

Though in fairness to the NSA, the American people are to blame for their "want my cake and eat it too" mentality on intelligence gathering. When it was discovered that the CIA did a lot of Really Bad Things because, shocker, that's par for the course in normal boots on the ground intelligence work we switched to electronics surveillance and created this mess.

As much as I love Apple's hardware and services their online services have always been pretty poor. Do we really think the company behind.Mac, or rather, MobileMe, er, iCloud would be competent enough to log and manage the amount of data this would require?

Interesting point. They have a store called iTunes and it's not even on the web yet. (Amazon had web sales working in, what, 1995?) Every time I go to the iTunes site it wants me to download some special software, and they still can't make a sale without it.

"As we have stated before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services."
could just as easily mean, 'we havent worked WITH govt agencies.. but when they told us to step aside and let their devs in to commandeer a subroutine, we turned a blind/black-box eye'
We have also never allowed access to our servers. And we never will. It’s something we feel very strongly about.
oh, they 'feel strongly' about it? how comforting. and how do they define 'allow'? notice they dont say govt/others never HAD or HAVE access, just that it's not 'allowed'.. mmmkay..

people like me is funny. you're right. they probably can't, because as Charliemopps says in 'um...' below, and CeasedCaring says in 'Dear Apple', they lie, and are forced to lie. my point is to illustrate how easily their carefully crafted words can be obfuscating, so that perhaps some people who would otherwise be comforted by nice sounding denials don't take a simple statement at face value and instead, decide intelligently if the fact pattern supports their statements. if you are of the mind to believe and remain unawares, then godspeed.

nice try bub.
i am advocating for using critical thought and not taking public statements at face value - regardless of the source...especially in situations where the source has demonstrated a propensity to mislead. by all mean, don't believe anything i'm saying - investigate for yourself. however, as i do not fit that category, your statements are more ad hominem attack than a thoughtful response.

a fair question, and unfortunately, at this stage of the game, with the govt anti-privacy/spying machinations as far developed as they are, aside from transparency coming to THOSE organizations, it will likely continue tainting the likes of apple, at the very least by virtue of explicity and implicit gag orders. perhaps given their public position, they could agitate for such transparency to come. perhaps not. i dont know.

After CALEA (1994) Communications Assistance for Law Enforcement Act, and Snowden? There is not much left on any telco connected phone that would be considered private.
Add in self written NSL, findings and other cute legal options to work with cadres of willing private sector staff.

It is not hard to issue denial that isn't overly specific. From the summary "Apple does not track users' locations — Apple has never done so and has no plans to ever do so," is much better. But, yes, that could be picked apart also. But for me, Apple's denials are, like so many others orgs recently, far too specific to be reassuring. For instance, they could say "we do not know of any backdoors in our products that are not actively being patched" instead of "we have not *created* any backdoors" See ho

Based on published information, we know that the NSA gets customer information by compelling companies to produce the records, or it taps the connections between their datacenters and it gets the data in transit). Apple didn't deny either -- neither one of those involve installing a backdoor or giving SERVER access.

I think you're on the right track. There really is nothing that Apple can say to convince foreign users that their data is safe.

it taps the connections between their datacenters and it gets the data in transit

...

There really is nothing that Apple can say to convince foreign users that their data is safe.

How can it be safe when the NSA is intercepting it? Some companies have said they are now encrypting data as it flows between datacentres, but we don't know how competent they are at doing it or if the NSA has some work-around. The bottom line is that any data stored in the USA has to be assumed to be compromised.

It's not just Apple, all US companies have this problem. It's hard to see how they can ever recover now.

The bottom line is that any data stored in the USA has to be assumed to be compromised.
Thats why Russia, China and other nations are now building their own cpu production lines, trying to build their own internal networks and removing data from any connected networks.
They have also worked out what can be activated for law enforcement per user can also be used by other countries clandestine services.
The consumer software is tame, the encryption junk and known to revert to plain text. The reach of updates

"we haven't worked with govt agencies, and no govt agency created code or hardware exists in our devices or servers. the govt has never had, or will ever have, access to our servers."

Which would all be obviously false. For example, Apple will regularly work together with the FTC. The open source code that Apple uses comes from all kinds of places, you can bet there is some created by a government agency. And every government employee can get an Apple Id and get access to the App Store or iCloud servers.

The damage caused to the intelligence community is only a fraction of the damage US corporations will have to endure.The issue here is trust. Once you betray it, you never fully get it back. Ever.

This is why US companies need to fight this tooth and nail. Because when the truth finally does come out ( and it always does eventually ) it's pretty much THEIR ass that is left hanging in the wind. Regardless if the company is innocent or not, if the trust is gone, so are you. The government picks up the tab

I'm not sure if this is a moving goalposts or no real scotsman issue. How can apple issue a denial that would satisfy people like you? Surely anything would be picked apart.

"Whenever you access an online service, that online service will know your approximate geographical location to city level, and also the intervening network infrastructure (cellphone towers &c.) will know. This is common to ALL mobile devices. Also, whenever your device is set to connect to networks (cellphone, wifi, bluetooth,...) then those networks also know your approximate location. Again, this is common to all mobile devices.

No not at all! Where did you get that from? (and actually, even back in 2002 I remember having WAP and IMAP on my phone, so they also divulged my location).

What I want is (1) for Apple to continue to be truthful, (2) for the "don't let app/webpage feature use my location" to be trustworthy with respect to apps and to all the various ways that location can be deduced (bluetooth, wifi, cellular, GPS), and (3) for COMPLETE disclosure of the other times when the iOS system keeps a record of those location-relat

The gag orders have made speech entirely pointless. It is not legal for this company to tell us the truth without going to jail because their right of free speech has been suspended. That make every statement about the subject entirely meaningless, because anyone who knows the truth is prohibited by law from saying anything about it, or even insinuating the truth via omission.

there are actually back-doors specifically built into iOS devices -- back doors not used by any Apple software on the device, not usable by genius-bar or any user-benefitting scenario, but still that make it possible for "someone" to get at a lot of the personal data.

Quote: "Why do we need a packet-sniffer running on 600 million personal iOS devices?"

You are claiming that Apple is making statements that while literally true, are misleading people to make them belief something that isn't true.

I would assume that Apple doesn't aim statements like this at paranoids. Fact is: Apple either acts in a way that a normal, non-paranoid person would expect from a statement like this and are speaking the truth, or they are not and they are lying, but it would be utterly pointless for Apple to make carefully crafted statements that are literally true but misleadi

pointless to do so? have you ever worked at a large public corporation with a legal dept? im guessing no.. this release went through many iterations internally to ensure technical veracity, but that could nonetheless appear to demonstrate transparency.
otherwise, why not just use plain-speak without gaping holes? im sure many people here could very easily craft a release that would suffice, but that would require them to say things that they cannot without lying.
p.s. find it fascinating that with the ma

pointless to do so? have you ever worked at a large public corporation with a legal dept? im guessing no.. this release went through many iterations internally to ensure technical veracity, but that could nonetheless appear to demonstrate transparency.

I am working at a large public corporation with a legal department.

Every legal department will tell you that a statement that is technically correct but entirely misleading will give you not the slightest legal protection. More important for Apple, making a statement that is technically correct but entirely misleading would mean that the shit hits the fan even harder when things get out. And things get out.

ah, that explains the perturbation. anyhoo, it's called kicking the can... not so much about legal protection as a creature operating via it's handbooks m.o. without regard for the bigger picture. and it happens.

pointless to do so? have you ever worked at a large public corporation with a legal dept? im guessing no.. this release went through many iterations internally to ensure technical veracity, but that could nonetheless appear to demonstrate transparency.

Just figured out... The first post that I replied to state that Apple _might_ be misleading the public. You are stating, without the slightest evidence, as a plain fact that they are indeed misleading the public. You also are stating, without the slightest evidence, that their lawyers are not clever enough to produce a sufficiently misleading statement on their first attempt, but that they needed many iterations to do so.

In other words, without the slightest evidence you are claiming that Apple is lying

dude. you've misinterpreted mucho. it sounds like you're having another conversation in your head. i'm sorry you seem a bit bent out of shape over all this and are getting yourself worked up.
i started to type a further reply, but i think what ive written so far is enough. if you dont grok, cest la vie. cheers

could just as easily mean, 'we havent worked WITH govt agencies.. but when they told us to step aside and let their devs in to commandeer a subroutine, we turned a blind/black-box eye'

Pretty sure giving them any access to any box or building would legally meet the definition of "working with."

You have to give credit to Apple for making these statements, because if it comes out that they did help the government, these open letters could be used as ammo against them in a class action lawsuit. So either Apple is stupid for making these claims when a no comment would be a better option legally, or they're not actually working with the government.

"As we have stated before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services."

We already know that Apple does key escrow of iMessage. Their security guidance documentation is very straightforward except it dances around the iMessage key escrow section like the cha-cha just came on the turntable, and then goes back to normal. Warrant canary much?

Apple could have created that all on their own, perhaps for noble purposes (being the ben

Apple failed to mention the bit about, if a US government agency had contacted them and requested information or for a backdoor to be put into their device, they'd be required by federal law to lie about it or face charges of treason. In fact, given how unrestrained the NSA is at this time, this press release may have even been written at the request of a national security letter. It's terrifying that this is where we're at... but here we are none the less.

Next up, the NSA releases a statement: "Edward Snowden is a traitor and a jerk! Look how he's hurting nice companies like Apple!"

Apple failed to mention the bit about, if a US government agency had contacted them and requested information or for a backdoor to be put into their device, they'd be required by federal law to lie about it or face charges of treason.

That's not true. They could keep quiet; there is nothing in the current (unconstitutional) laws by which they can be required to make any statement at all.

You know, I think Apple, Google, and a few other companies could get away with calling their bluff. If Tim Cook or Larry Page had a press conference to announce that they'd received a hush order from the NSA, that they refused to honor it, and that it was against their company policy to spy on Americans (all while waving a flag and talking about apple-pie-eating eagles), I don't think much could be done about it. Can you imagine the firestorm if someone tried to have those guys arrested for "protecting aver

Curious in that Apple iPhone was the only piece of gear that could be relied upon to be cracked. Any model.

If it was so easy, why does it take physical access to break into one, and why does Law Enforcement have a huge waiting list at Apple to break into them? (And only partial success, at that)?

If they can be reliably cracked, then there is no need to send the phone back to Apple for extraction of data - they could just extract it right then and there, no Apple involvement at all. Because Apple makes it highly inconvenient to get at it, after all.

Of course, if you're talking about jailbreaking, well, that's not utterly reliable, either (few existed for iOS6, and iOS7 has some by questionable Chinese places seeking to make money selling pirated apps). Of course, it also helps there is massive interest in cracking it - I mean, with so many devices out there, there is an army of people who will want to break into it.

But all the jailbreaks tended to require actual access to the device - if it was locked in any way you couldn't do it - no longer can you just create a hacked IPSW and flash it in.

Re: If it was so easy, why does it take physical access to break into one, and why does Law Enforcement have a huge waiting list at **some big trusted brand** to break into them? (And only partial success, at that)?
Think back to other nations using junk encryption in the past?
Engima, aspects of Japans war time codes, the Soviet Unions re use of one time pads in the 1940's early 1950's, the German efforts against US (M-209) and UK War Office Cypher (~4-figure codebooks) and so many other national systems.

Curious in that Apple iPhone was the only piece of gear that could be relied upon to be cracked. Any model.

Emphasis on "was". Up to about iPhone 3G.

There are two major changes nowadays. Change one is permanent full disk encryption. Change two is activation. You can only activate a wiped phone. When you buy a used phone, the seller could hand you their AppleId and password (which would be a stupid thing to do), so you wouldn't activate the phone yourself and would have whatever software is on the phone. But you would instead wipe the phone, activate it with your own AppleId and password, and whatever was on th

Yes, list all scientists and engineers via public means and then work out who is around them, track them all.
Then find the sites some gather at that have cooling systems or use vast amounts of power.
If the person has weaknesses eg gambling or some other interest that sets them apart you and they can travel, another nations security services can make them an offer.
The tame imported consumer tech software layer is just for getting calls, web 2.0 insight and locations making the sorting of staff more easy.

I know that the NSA could easily be tapping iPhones and have backdoors into them (and probably do) but this seems like a colossal over-reaction by the Chinese media. CCTV is claiming that the "Frequent Locations" feature could somehow be used to leak state secrets, but that doesn't make sense for any number of reasons:

1. According to the ZDNet article, the feature in question is entirely opt-in and disabled by default. They don't seem to have proof that the switch is merely for show (as in, it's transmitting the data regardless of whether or not you've opted in) which means there's a very easy fix for this - don't turn it on, or turn it off if it's on.

2. Also from the ZDNet article, the feature apparently causes the phone to keep a local copy of location data in regards to frequently-visited areas for use in other applications. It's not clear whether this data is actually transmitted anywhere - Apple said the device only keeps a local copy, but with the NSA around it's entirely possible it transmits it somewhere. If what Apple is saying is true, obtaining a copy of the data requires physical access to the device. If you've had your phone stolen and didn't lock it, chances are that you have much bigger privacy concerns than someone obtaining your location data, especially if you're in the Chinese government.

3. CCTV claims that the device can somehow be used to leak state secrets, but this seems like FUD. The only way I could see this happening (and being useful) is if someone who works on a submarine or other restricted area (nuclear sites, missile silos, etc) happened to have their phone stolen or was intentionally giving their phone to someone, but I'm fairly certain their military doesn't allow outside devices into restricted areas (the US military sure doesn't) and if someone's intentionally giving away the data that's another problem altogether.

Couple this with the fact that China has smartphone manufacturers located in-country that only sell within China, and you have what looks like FUD designed to get people to stop switching to the iPhone and instead buy a phone made by a state-friendly manufacturer.

The actual claim that the Chinese make is that a new feature in iOS collects location data on the phone (which it does), and if the phone gets stolen or hacked, someone might see that data and that could have all kinds of consequences, worst case consequences for China's national security. So there was _no_ claim that Apple was involved or helping in any spying at all.

To a software developer it should be obvious that if Apple wanted to spy on you, the presence or absence of this feature wouldn't make the slightest difference whatsoever. If Apple can secretly send data that were openly collected on your phone, they could equally easily secretly send data that was secretly collected on your phone.

To a non-developer, it should be equally obvious that there are hundreds of features with the same national security implications, like word processors, spreadsheets, note-taking applications and so on and so on. Probably applications that are far more dangerous. I would expect a word processor to contain much juicier information than a location log.

there are a number of places that sell girls ballet costumes that could be used to distract somebody with security clearance therefore we must monitor/regulate access to these stores selling "terror supplies"!

just about anything can be somehow used to "violate National Security" with minimal work and the correct context.

Software must be audited to be sure there's no backdoor... Only open source is secure (including open source silicon)
If I were NSA I had built a backdoor in hardware, much more effective and software independent

Such a meaningless statement because it isn't backed up by any consequences. How about "Apple will pay 1 billion US dollars to any individual or organization that has any information collected by Apple provided to any government organization, direct or indirect". At least then anyone compromised by Apple will be able to afford a good legal defense.